CodeMeter Certificate Vault


Certificates are the IT world’s way of identifying individuals and devices. The person or device in question must possess a key pair whose private key stays secret. A central entity, the certificate authority (CA), confirms that the corresponding public key belongs to that person or device, and it does so by issuing a certificate. To authenticate the identity, a cryptographic operation is performed with the private key and verified with the public key; in addition, the validity of the certificate itself is checked.

The stronger security of certificates becomes immediately apparent when they are compared to passwords. Passwords can be revealed accidentally or shared intentionally by the user, and attackers can obtain them through phishing. CodeMeter Certificate Vault holds the keys inside the smart card chip embedded in CmDongles, so they cannot be retrieved and copied. Whereas a password is reused time and time again, a certificate-based login performs a new cryptographic operation each time the private key is used.
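The certificate-based challenge-response described above, as an added example in Go (not Wibu-Systems code): a CA certifies a key pair, the holder signs a fresh random challenge, and the verifier checks both the signature and the certificate's validity. The function names are assumptions for the demo, and the private keys live in process memory here, which is exactly what a CmDongle's smart card chip avoids.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// NewIdentity generates a key pair and has the CA (caCert/caKey) certify that the public key
// belongs to name; with caCert == nil it builds a self-signed root. Demo only: keys sit in RAM.
func NewIdentity(name string, caCert *x509.Certificate, caKey ed25519.PrivateKey, validFor time.Duration) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: name}, NotBefore: time.Now().Add(-time.Minute),
		NotAfter: time.Now().Add(validFor), BasicConstraintsValid: true, IsCA: caCert == nil,
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if caCert == nil { // root: the template signs itself
		caCert, caKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, pub, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Authenticate is the challenge-response described above: a fresh random challenge is signed with
// the private key, verified with the certificate's public key, and the certificate itself is checked.
func Authenticate(roots *x509.CertPool, cert *x509.Certificate, holder ed25519.PrivateKey, now time.Time) bool {
	challenge := make([]byte, 32) // fresh each time, so a captured response cannot be replayed
	if _, err := rand.Read(challenge); err != nil {
		return false
	}
	sig := ed25519.Sign(holder, challenge)
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, challenge, sig) {
		return false // signer does not hold the key the certificate vouches for
	}
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil // expired, or not issued by a trusted CA, fails here
}
```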

CodeMeter Certificate Vault works as a PKCS#11 compliant token provider, integrates with the Microsoft Cryptography API: Next Generation (CNG) as a Key Storage Provider (KSP), and works with the OpenSSL API, for example to keep and use the keys behind TLS certificates. It is fully integrated with many essential applications, including browsers, VPNs, and email clients. The keys kept in CmDongles can neither be read nor otherwise accessed, which protects them from all duplication and tampering attempts.

Compared with the convenience users expect from passwords, deploying certificates is a highly intricate process, which makes them an unpopular choice in many cases. However, the integration in CodeMeter License Central simplifies the creation and rollout of certificates, making them more amenable to widespread use.

Runtime Components

CodeMeter Container

CodeMeter Certificate Vault Version 1.0 works with the most secure type of container: a CmDongle. The keys are stored securely in the integrated smart card chip, where they are shielded from all prying eyes, whereas the certificates remain in the readable part of the CmContainer.

CodeMeter License Central Integration

CodeMeter License Central is the solution for creating, managing, and assigning licenses, digital rights, and keys. Extensions are used to create and distribute certificates.

To keep the process simple, the key pair is created in CodeMeter License Central itself. CodeMeter License Central then packages the key and certificate in a special WibuCmRaU file for the client. The file is encrypted with a key of the client’s CmContainer and can only be imported and decrypted in that container. This makes it far easier to roll out and distribute certificates: they are simply pushed into the known and secure CmContainer.

SOAP can be used to integrate the certificate creation process with existing CA solutions.